Counter Terror Business 56

Page 1 | ISSUE 56




DEFENDING AGAINST CYBER THREATS How can the public sector protect itself?



What important events marked 2023?

17-18 APRIL












ONLINE SAFETY AND CYBERSECURITY The headlines at the moment are dominated by the conflict in Israel and Gaza, in which thousands of people have been killed. The majority of the dead are civilians, including a large number of children. At the same time, Muslims and Jews in the UK and around the world are fearing for their safety, with hate crimes against both groups seeing a large increase since the conflict began.



The Online Safety Act has just received Royal Assent - it is hoped the law will reduce the amount of illegal and harmful content online.

How can the public sector protect itself?



What important events marked 2023?

17-18 APRIL




October is Cyber Security Awareness month and this issue of Counter Terror Business Magazine includes an article from ISACA on how the public sector can protect itself from cyber threats. Next month, CTB will be hosting a webinar on the topic - you can sign up here. This issue of CTB also includes a feature on HVM ahead of the festive season, an article from the PSSA on testing, and a look back at some of the important events from the last year.

Follow and interact with us on X:

Polly Jones, editor


ONLINE // MOBILE // FACE TO FACE To register for your FREE Digital Subscription of Counter Terror Business, go to: or contact Public Sector Information, 226 High Road, Loughton, Essex IG10 1ET. Tel: 020 8532 0055 PUBLISHED BY PUBLIC SECTOR INFORMATION LIMITED

226 High Rd, Loughton, Essex IG10 1ET. Tel: 020 8532 0055 Web: EDITOR Polly Jones PRODUCTION MANAGER & DESIGNER Dan Kanolik PRODUCTION DESIGNER Jo Golding PRODUCTION CONTROL Deimante Gecionyte WEB PRODUCTION Freya Courtney PUBLISHER Damian Emmins

Counter Terror Business would like to thank the following organisations for their support:

© 2023 Public Sector Information Limited. No part of this publication can be reproduced, stored in a retrieval system or transmitted in any form or by any other means (electronic, mechanical, photocopying, recording or otherwise) without the prior written permission of the publisher. Whilst every care has been taken to ensure the accuracy of the editorial content the publisher cannot be held responsible for errors or omissions. The views expressed are not necessarily those of the publisher. ISSN 2399-4533




Simply brilliant

MiniLED with Thunderbolt docking

Brilliance 7000 27” (68.6 cm) | Mini LED | Thunderbolt 4 | 4K UHD 27B1U7903/00

MINI LED Local Dimming


CONTENTS CTB 56 07 NEWS New Prevent guidance published; Funding announced for cybersecurity in Scotland; NI Troubles Act gets Royal Assent; and Restrictions on bombmaking materials come into force

15 HVM A best practice report by Hostile Vehicle Mitigation (HVM) specialist Christian Schneider

19 PERIMETER SECURITY Following on from discussions at the PSSA’s Summer ’23 Interact Day, the PSSA (Perimeter Security Suppliers Association) asked Alistair Crooks of HVM testing experts HORIBA MIRA to shed some light on the issue of multiple test reports from one test

21 PERIMETER SECURITY A comprehensive approach to Hostile Vehicle Security from the PSSA (Perimeter Security Suppliers Association)

22 EXPERT PANEL CTB spoke to Paul Mutter, ATG Access; Gareth Hulmes, The Security Institute; Chris Stevens, Sidos UK Ltd; and Adam Savage – Barkers Fencing about making security easier and whether there are any shortcuts that are worth taking

29 ISE REVIEW Counter Terror Business was pleased to be a media partner for the Global Counter Terror and Serious and Organised Crime summit at International Security Expo in September

31 FACIAL RECOGNITION Policing minister Chris Philp recently announced at the Conservative Party conference that he wanted police officers to have access to a wider range of databases outside of those on the national database, which only includes people who have already been arrested

33 CRITICAL COMMS In the most recent risk register published by the UK government, when grouped together with cyber attacks on infrastructure, a cyber attack on telecommunications systems was given a 5-25 per cent likelihood rating

34 EMERGENCY SERVICES SHOW A record number of visitors attended The Emergency Services Show and co-located The Emergency Tech Show at the NEC on 19 and 20 September

37 REVIEW OF THE YEAR It may only be October, but a lot has happened this year already. CTB takes a look back at some of the biggest stories of the year

40 AVIATION SECURITY The liquid limits on aeroplanes are an ingrained part of travelling nowadays, we all know what we can and can’t take in our hand luggage. But things are starting to change with the introduction of new technology

42 CYBERSECURITY Chris Dimitriadis, global chief strategy officer at ISACA looks at ways the public sector can protect itself from cyber threats

Counter Terror Business magazine // ISSUE 56 | COUNTER TERROR BUSINESS MAGAZINE









Offering security & protection to pedestrians and urban infrastructure whilst enhancing the aesthetic value of the space. 01625 322 888



New Prevent guidance published

Online Safety Act becomes law

The government has published refreshed draft Prevent duty guidance, along with a statutory instrument laid in the House of Commons to bring it into force under the CounterTerrorism and Security Act. The guidance delivers on several recommendations from the independent review of Prevent and includes practical advice for those with responsibility to stop people from becoming terrorists or supporting terrorism. The guidance is aimed at frontline professionals in healthcare, education, local authorities, prisons, probation and the police. Home secretary, Suella Braverman, said: “Terrorists seek to destroy the freedoms and values we cherish. It is the duty of government to disrupt this enduring and evolving threat. “Ongoing improvements to Prevent are paving the way for a stronger, more transparent and proportionate approach to tackling radicalisation in this country. This includes ensuring that we are no longer working with or funding groups who legitimise extremists. “The updated Prevent duty guidance provides frontline professionals in education, healthcare and local government with a renewed focus as well as new tools and information to stop people from becoming terrorists or supporting terrorism.”

The government has also announced that it is on track to deliver the majority of the recommendations from the Prevent review by 2024. Ten of the 34 recommendations have been delivered in full and progress has been made against all of the others. 68 out of 120 tasks have been completed. New training on the ideological foundations of extremism and terrorism is being rolled out throughout the country and terminology has been updated in the guidance throughout to reflect an individual’s susceptibility to terrorism and vulnerability will only be used where appropriate. Delivery of Prevent has also changed from a national to a regional model, which provides support for all local authorities in England and Wales. The areas with the highest radicalisation risk will also receive multi-year funding to combat the local threat. Education secretary, Gillian Keegan, said: “Our schools are committed to protecting pupils from radicalisation and extremist influences, and this guidance along with the support of frontline workers will be pivotal to achieving that. “These changes will provide greater clarity, practical advice and access to best practice for all teachers and education settings.”


The Online Safety Act has received Royal Assent, putting the rules it contains into law. The Act places legal responsibility on tech companies to prevent and rapidly remove illegal content, including terrorism and pornography. Tech companies will also be responsible for ensuring that children cannot see material that is harmful to them such as bullying, content promoting self-harm and eating disorders, and pornography. Those that fail to comply with the law will face fines and even prison for company bosses. The law intends to ensure that tech companies remove illegal content quickly or prevent it from appearing in the first place, including content promoting self-harm and prevent children from accessing harmful and age-inappropriate content including pornographic content, content that promotes, encourages or provides instructions for suicide, self-harm or eating disorders, content depicting or encouraging serious violence or bullying content. Tech companies will also have to enforce age limits and use agechecking measures on platforms where content harmful to children is published; ensure social media platforms are more transparent about the risks and dangers posed to children on their sites, including by publishing risk assessments; and provide parents and children with clear and accessible ways to report problems online when they do arise. Technology secretary Michelle Donelan said: “Today will go down as an historic moment that ensures the online safety of British society not only now, but for decades to come. “I am immensely proud of the work that has gone into the Online Safety Act from its very inception to it becoming law today. The Bill protects free speech, empowers adults and will ensure that platforms remove illegal content.”




FRONTIER PITTS Protecting Your World GATES


+44 (0) 1293 422800 BLOCKERS




HOSTILE VEHICLE MITIGATION Please come and visit us at the INTERNATIONAL SECURITY EXPO 26 - 27 September 2023, Olympia, London Frontier Pitts, Crompton House, Crompton Way, Manor Royal, Crawley, RH10 9QZ


Tugendhat delivers speech at International Security Expo

Security minister Tom Tugendhat delivered a speech at the International Security Expo in September. Tugendhat spoke of the significant moments in the security industry that have occurred over the last year including the death of the queen and the coronation and the war in Ukraine, along with the updated CONTEST strategy, the National Security Act and the draft Martyn’s Law Bill. He paid tribute to everyone across government, and those in law enforcement, security and the intelligence community and in defence. Tugendhat highlighted how threats have changed, with many now online and not in the open. This

includes non-state actors, criminal groups and private companies, state actors and lone actors. He mentioned that partnerships with academia, the private sector and industry are critical to tackling terrorism and continuous improvement. The minister concluded: “Security in 2023, as you all know very well, is about so much more than government, the police and security services. “It’s about all of you, it’s about making sure the entire mission and buy-in from right across society and that people understand what we’re trying to do to keep our whole community safe. I am

really grateful to all of you who, who day in day out, continue to prepare the United Kingdom and our friends and allies to respond. “Thank you very much indeed for your time today. I am very confident that the work you are doing, that we are doing together, is going to keep us safe for many years into the future. The work that you do will also build into our economy a level of resilience and that level of control that means you are able to succeed.” Other speakers at the two-day event included the MP Tobias Ellwood who also put emphasis on collaboration with the private sector, highlighted Russia’s human rights abuses and drew parallels with the 1930s. At the Global Counter Terror & Serious and Organised Crime Summit, in partnership with Counter Terror Business, Figen Murray, Travis Frain, Ann Travers and Máiría Cahill took part in a victim’s panel, sharing their stories and what more can be done to support survivors and victims of terrorism. On Day Two, Figen Murray joined Nick Aldworth, Tracy Reinhold, Barrie Millet and Debbie Bartlett on a panel on Martyn’s Law.



Funding announced for cybersecurity in Scotland The Scottish Government has announced £500,000 of funding for communities to tackle the growing risks posed by online crime. Organisations such as Scottish Union Learning and Community Enterprise, will be able to use the money to provide workshops aimed at tackling scams and internet safety, deliver training to upskill underrepresented groups into careers within cyber security and provide digital advice in different languages. The projects will be targeted at specific groups, including disabled people and those with specific learning needs, minority ethnic groups, people living in areas of social deprivation or in rural or remote communities and those for whom English is not their first language. The funding is part of £1.16 million invested by the Scottish Government in 2023-24 to improve preparedness to withstand, defend

against, manage, and recover quickly from cyber incidents. There were an estimated 14,890 cyber-crimes recorded by Police Scotland in 2022-23, which is almost twice the level in 2019-20 (7,710). Justice and home affairs secretary Angela Constance said: “Cybercrime such as fraud and data theft can have a devastating impact on people, communities and businesses. “The Scottish Government is committed to building cyber resilience within all our communities and this

funding will enable many more people across the country keep themselves safe and secure when going online by supporting them to gain practical knowledge and skills to recognise and avoid cyber-attacks. “We will also continue to work closely with Police Scotland and the National Cyber Security Centre to ensure Scotland’s public sector is resilient to cyber threats.”




Smart integrated lighting solutions that protects people and places.


Talk to us about how we can help YOU transform spaces and places. Get in touch at


NI Troubles Act gets Royal Assent

Northern Ireland Troubles (Legacy and Reconciliation) Act has received Royal Assent. The Act aims to address the legacy of the Northern Ireland Troubles and promote reconciliation by establishing an Independent Commission for Reconciliation and Information Recovery, limiting criminal investigations, legal proceedings, inquests and police complaints, extending the prisoner release scheme in the Northern Ireland (Sentences) Act 1998, and providing for experiences to be recorded and

preserved and for events to be studied and memorialised, and to provide for the validity of interim custody orders. Secretary of state for Northern Ireland, Chris Heaton-Harris made a statement, saying: “The legacy of the Troubles in Northern Ireland has always been one of the key issues left unaddressed since the signing of the Belfast (Good Friday) Agreement. “Yesterday’s Royal Assent of the Northern Ireland (Troubles & Reconciliation) Act marks a significant milestone as the Government aims to deliver on our

pledge to deliver better outcomes for those most affected by the Troubles, while helping society to look forward. “I recognise getting to this juncture has been a hugely difficult task for all. The legislation contains finely balanced political and moral choices. “It presents us all with a real opportunity to deliver greater information, accountability and acknowledgement to victims and families, moving away from established mechanisms that have left far too many empty-handed. I am confident that this Act provides a framework to enable the Independent Commission for Reconciliation and Information Recovery (ICRIR) that it establishes to deliver effective legacy mechanisms, while complying with our inter-national obligations.” He continued: “If we are truly to provide greater information, accountability and acknowledgement to victims and families of the Troubles and help society to move forward in the spirit of reconciliation, we must build a legacy process founded on integrity, expertise and fairness. “Now that the legislation has become law, the UK Government will do all it can to support the ICRIR, consistent with its operational independence, as it establishes itself and seeks to deliver effectively for victims and families. I hope that others, including the Irish Government, can do the same.”



Restrictions on bomb-making materials come into force

From Sunday 1 October, new restrictions on poisons and explosive substances have come into force. The changes have been implemented through the updates to the Poisons Act 1972. The changes mean stricter requirements on reporting suspicious activity, including new obligations

for online marketplaces. Customer information, such as photo identification, will also need to be recorded when selling regulated materials to business users. New substances have also been added to the list of regulated poisons, including 2,4 Dinitrophenol and zinc phosphide and hexamine - the latter

two are often used in fireworks. It will be a criminal offence to sell these substances to members of the public without a valid licence. Security minister Tom Tugendhat said: “The deaths of dozens of young people at the hands of criminals selling chemicals like DNP is a tragedy. “These new measures will help prevent dangerous controlled substances from falling into the wrong hands.” Food Standards Agency (FSA) head of National Food Crime Unit Andrew Quinn said: “DNP can, and does, kill. This is why we strongly support the Home Office on the reclassification of DNP as a poison as well as the police on tackling criminals who supply this killer chemical.”






SPECIALISED LAPTOPS FOR DEFENCE CTB spoke to Fred Kao, CEO of Durabook, about how specialised laptops can be used in defence applications and their collaboration with Viasat and APC Technology

WHY DO YOU NEED SPECIALISED LAPTOPS FOR DEFENCE APPLICATIONS? Applications for mobile computing in the military sector are crucial for defence contractors, military branches and C4I field operations. As the applications are real-time mission critical, result-oriented and highly classified, ruggedness, durability and high levels of data security are vital. Operations are also carried out in all weather conditions, and this is also where “specialised” laptops, or “rugged” devices, come in. Durability and reliability: Defence personnel must work in hazardous and unpredictable environments; therefore, a specialised solution built to adapt to these conditions is required. Rugged laptops are equipped with reinforced casings, shock absorption and vibration resistance, which ensure the device remains operational despite impacts, drops and other physical stress. Protection from environmental factors: In military settings, defence personnel are exposed to rainy, dusty, moist environments. Rugged laptops are sealed to protect internal components from being disturbed by these environmental factors. Secure data handling: Handling sensitive data is a key priority, so rugged laptops are equipped with advanced encryption, authentication, and data protection functions to secure critical data in during loss or theft. In addition, regarding secure data handling, the SSD plays an essential role. The SSD equipped on Durabook’s laptops can be easily removed without losing sensitive data, enhancing security. Versatility for every situation: Customisation is critical for a constantly evolving sector, so leading manufacturers have incorporated expansion capabilities as standard. This means, rugged devices can be expanded to incorporate the latest technology and legacy systems. For example, a rugged laptop can easily be expanded to become a portable cloud or local storage device or server providing immediate and safe analysis, capture and analysis of data for accurate decision-making,

such as GIS maps for mission planning. Durabook’s rugged laptops offer various options for end users, including DVD-embedded solutions, dedicated military ports and sealed USB ports. Incorporating extensive customisation capabilities at the design stage means devices can be customised for every sale and at little to no extra cost. For example, APC Technology is a key market reseller; and this method of collaboration means they can provide a solutions-focused proposition for their customers that align with specific or end-user requirements. Durabook products are built with a modular design, providing extensive configuration options, while, our engineering support can customise a solution from the ground up to meet mission requirements. HOW DID THE COLLABORATION BETWEEN DURABOOK AND VIASAT COME ABOUT? With the increasing awareness of data security across all industry and military communities, various customers approached Durabook regarding the availability of devices equipped with VIASAT self-encrypted SSD. Through the collaboration between VIASAT and Durabook, several rugged laptop and tablet PCs have been tested to be VIASAT-ready, Eclypt 2.5” SATA SSD and DARC M.2 SSD. WHAT SPECIALISED CAPABILITIES DOES THIS LAPTOP HAVE AND HOW ARE THESE A BENEFIT? Specialised, or rugged laptops are designed to pass various certification grades to guarantee functionality in abnormal operating environments and where general consumer devices would fail. These include MIL-STD-810 environmental tests, MIL-STD-461 electromagnetic interference tests, ANSI/ UL C1D2 or ATEX explosive protection tests, Ingress Protection tests and VIASAT Eclypt/DARC encrypted SSD tests. MIL-STD-810 certified devices allow the user to operate their device under non-regular environments, such as high/low temperatures, high humidity and attitude environments,

environment where possibilities of vibration and shock can occur. MIL-STD-461 certified devices allow the user to operate their devices under heavy electromagnetic interference environments. ANSI/UL C1D2 or ATEX certified devices allow the user to operate their devices at locations where highly flammable or explosive substances are present, such as in the mining field, oil/ gas rig or petrochemical factories. Ingress Protection certified rating devices allow the user to operate their devices under high concentration of dust environment and under all types of raining conditions. VIASAT Eclypt/DARC self-encrypted SSD verified devices allow the user to choose VIASAT storage solution for robust encrypted data security. The above five certification examples are just some benefits of choosing a specialised laptop (or a rugged tablet), which guaranteed users the ability to complete mission-critical tasks in versatile environmental conditions that consumer devices cannot match. Please contact your Durabook sales representative for further information. L

Fred Kao, CEO of Durabook




6-7 MARCH 2024 • Coventry Building Society Arena

39 out of 48 UK Police Forces attended

40 out of 52

UK Fire & Rescue Services attended


70% 1923 £1M+ of visitors make or influence sales decisions


11 out of 14

UK Ambulance Services attended




BAPCO Annual Event

average yearly spend of 40% of our audience


A best practice report by Hostile Vehicle Mitigation (HVM) specialist Christian Schneider



n 19 December 2016, the worst attack ever recorded on a Christmas market took place at Breitscheidplatz in Berlin, a very popular venue in the centre of the German capital. Since then, Christmas market and outdoor event operators have been applying advanced physical security measures in order to protect their events from hostile vehicles. In this article, Christian Schneider, a Germany-based Hostile Vehicle Mitigation Advisor who became responsible for the HVM measures at the Breitscheidplatz in 2018 discusses applied Hostile Vehicle Mitigation, lessons learned and best practices. As extremists increasingly use hostile vehicle tactics to perpetrate attacks on publicly accessible locations (PALs), we are confronted with new security challenges that underline our need to improve the protection of these public spaces. Christmas markets and other outdoor events are a particularly vulnerable type of soft target embodying those challenges. A key aspect in the evolution of hostile vehicle tactics is the transition from the use of vehicles as weapon carriers to using the vehicle itself as the weapon. VEHICLE ATTACKS This is hardly surprising, as various terrorist organisations have been calling on their followers to use vehicles as effective weapons since 2010 (“The ultimate mowing machine”, INSPIRE (2010)). For among the many means of attack, vehicles may be considered as a kind of a disruptive technology and thus offer extremists a multitude of extraordinary

advantages (“Truck Attacks “, Rumiyah (2017)). The increased use of this tactic is confirmed by statistics, which demonstrate a significant increase in vehicle as weapon attacks since 2014. This phenomenon affects all communities equally, regardless of whether they are large cities, small towns or villages. Whilst vehicle-as-a-weapon attacks, such as those in London, Nice, Barcelona and Berlin are well known in the public domain, lesser-known European towns like Volkmarsen (Germany), StrépyBraquegnies (Belgium) or Marbella (Spain) have also made headlines as a result of ramming-attacks. Or were you aware of those towns’ existence prior to the attacks? In addition to vehicle ramming attacks, we must also contend with accidents that occur in PALs, as was the case in August 2022, when a heavy lorry accidentally crashed into a street party near Rotterdam (The Netherlands), with fatal consequences. PROTECTION Hence, protecting PALs from accidents and vehicle-ramming attacks is increasingly important. Fortunately, the protection mechanisms required to meet these challenges are already well-known best practise. If we take a closer look at physical protection against hostile vehicles, it quickly becomes obvious that the reliability of any measure is inextricably linked to the quality and care of its prior planning. True to the motto “He who fails to plan is planning to fail” (Sir Winston Churchill (1874 – 1965)), good planning E













Made for situations when failure is not worth contemplating, Streamlight® has created the broadest range of professional torches and lighting tools that can be trusted for a lifetime.

HVM  is the key to sustainable success. Seriousness, competence, experience and impartiality are the essential requirements for the planners of any security and protection measure. Of course, serious planning includes the elaboration of a threat, vulnerability and risk assessment, comprehensive operational requirements (ORs), as well as adherence to the relevant guidance standards (ISO 22343-2 (2023); ISO IWA 14-2 (2013); PAS 69 (2013)) but also requires an effective planning process. Here, the RIBA Plan of Work has long proven to be a particularly helpful guidance for effective planning. And this holds true for both, permanent AND temporary measures. Following RIBA’s Plan of Work not only enhances the planning process with a clear and effective structure, but also supports the project manager and all those involved in the project to do the right things in the most effective order, and timing. It also helps to resist the common “quickfix” impulse to prematurely think of deploying certain types of VSBs before the planning process begins by first and foremost keeping focus on producing prerequisite operational requirements. PROCESS NOT PRODUCT The reason behind this simply is the fact that security is not a product, but the result of a process carried out prudently, that leads to comprehensive, well thought through, and proportional measures. In general, there are three main concepts to apply physical protection measures: Installing permanent VSBs that require permanent foundations, deploying portable barriers that are usually surface placed, or a side-by-side combination of both. Naturally, each of these three methods has its particular advantages and disadvantages, and unfortunately there is no magic VSB that will always lead to the best result in every situation and certainly never will without a detailed analysis of the local conditions, needs and operational requirements. But again, the good news is that though there is no “one-size-fits-all” solution for all protective areas, the assessment and planning process described above, conducted in close collaboration with dedicated specialist security consultants will almost always lead to the most optimised solution, i.e. safe, secure, economic, aesthetic and practical. However, more often than not, sites for Christmas markets and other open-air events need to be protected on a short notice, thus asking for the deployment of temporary protective measures, e.g. surface placed VSBs. Such portable measures are neither worse nor better than permanent measures, but they are fundamentally different in vehicle impact performance, and, most notably, vehicle penetration distance

MISAPPLICATIONS CAN USUALLY BE TRACED BACK TO THE WIDESPREAD MISCONCEPTION THAT HOSTILE VEHICLE MITIGATION MEASURES ARE SIMPLY A MATTER OF ERECTING BARRIERS and debris dispersion. Thus, surface placed measures require particular design and application, because these types of barriers usually do not possess their own foundations, thus require a comprehensive knowledge of their engineering characteristics, surface needs and civils constraints, such as ground conditions, drainage, weight, deployability, recovery, etc. Hence, a deep understanding of their interaction with the surface of the installation is vital in order to predict the VSBs likely performance in case of an impact. That said, it is essential that only impact rated barriers are applied, i.e. VSBs that have been awarded with a matching performance rating of an internationally recognised crash-test standard (ISO 22343-1 (2023); ISO IWA 14-1 (2013); PAS 68 (2013))! Also bear in mind that a VSB is designed for a specific application and should only be deployed if its performance rating meets the requirements of the particular Vehicle Dynamic Assessment (VDA) carried out for the very site of deployment. This means that a VSB that was rated to stop a standard car at low speed is most unlikely to work against a lorry or worse, a heavy-duty vehicle. While in the United Kingdom, thanks to the work of the security authorities over many years already, one sees impressively well thought-out security measures in place at many sites, elsewhere, however, there often still is a lot of room for improvement. There are useless and highly dangerous block-out attempts around, that are not only doomed to fail but are even causing an increased level of latent and operational hazard to the crowd. This is why those who rush to think of HVM just being bollards, concrete blocks and alike quickly find themselves in a very dangerous dilemma, because premature measures compromise on people’s safety and security rather than improving them. Therefore, by following good guidance, applying relevant standards correctly and using the services of suitably qualified and experienced HVM security consultants, the risks of deploying ineffective security solutions will be greatly reduced. Even the temporary protection of rarely used publicly accessible locations is nowadays quite easily achievable by qualified experts! Misapplications can usually be traced back to the widespread misconception that Hostile Vehicle Mitigation measures are simply a matter of erecting barriers.

In a nutshell, expertise and experience are key to achieving a reliable level of protection. There is no need to take the risk of trial and error, but seek advice from your local Police, CTSAs, and specialist HVM security consultants. Well trained support is just a mouse-click away. HVM is not a product, but a joint best practice process of security, engineering planning, and architectural engagement, comprising of organisational, technical, and personnel measures. Well considered Hostile Vehicle Mitigation provides a win-win situation for all the stakeholders involved. It results in providing reliable protection for temporary and permanent venues and sites, contributes to the visitor’s individual perception of safety and security, and thus is significantly increases the attractiveness and success of the events taking place there. For all readers and interested decision-makers who would like to learn more about how to plan, design and implement reliable protection measures, I recommend browsing through the comprehensive and easy-to-understand guides offered by the NPSA and ProtectUK, which are available on the internet. Here you will not only find the important references to the standards and guidelines, but also a lot of best practise, good tips and most valuable and impartial advice.L About the author: Christian Schneider has a strong background in engineering and mitigation of dynamic loads. He founded the INIBSP “Initiative Breitscheidplatz” in 2017 after the terrible Vehicle Ram Attacks of Nice and Berlin, as a non-profit expert forum aiming to quickly provide relevant HVM know-how to decision makers in Germany. Since then, his enterprise has developed into the leading consultancy on the topic in German-speaking countries. Together with international experts and local authorities, he developed and implemented numerous HVM schemes for the protection of entire city centres, airports, critical infrastructures, stadiums and public spaces. Schneider is member of HVM standards and norms committees, and author of multiple articles on the topic of HVM. His commitment and devotion to protecting people form hostile vehicles earned him the nickname “PollerPabst” (Bollard Pope) in Germany.







• EXTREMELY HIGH THROUGHPUT with near-zero nuisance alarms


THREATS, such as high caliber assault weapons and IEDs

• EASY TO RELOCATE AND QUICK TO INSTALL: Less than 1 minute setup time


For more information, contact your CEIA representative at or call us today at +44 1789 868 840 • +44 7887 421 410

w w w . c e i a . n e t

ENGATE_advert_FC060K0480v1000gUK.indd 1

08/03/2022 08:31:


PERIMETER SECURITY Following on from discussions at the PSSA’s Summer ’23 Interact Day, the PSSA (Perimeter Security Suppliers Association) asked Alistair Crooks of HVM testing experts HORIBA MIRA to shed some light on the issue of multiple test reports from one test



n some instances, test houses have been issuing multiple reports for the same test but against different standards (PAS68, IWA14-1, ASTMF2656). This is possible due to overlaps in tolerances, however, it has been noted by NPSA (CPNI) that this is occurring at times when it should not and as a result tests can end up being refused inclusion on the NPSA Key Points: It is NOT possible to issue a rating for a single test to European Regulations at N3 level and Federal Regulations at M level as the vehicles are significantly different configuration and have incompatible GVW. It is NOT possible to issue a rating for a single test to all European Regulations at N3 level and Federal Regulations at C7 level as the required test masses are different and the vehicles have incompatible GVW. It is NOT possible to issue a rating for a single test to European Regulations at N2 level and Federal Regulations at M level as the vehicles are significantly different configuration and have incompatible GVW. It CAN be possible to issue ratings to cover all of the European Regulations at N3 IF the test house has correctly interpreted the tolerances on the vehicle requirements.

FREQUENTLY ASKED QUESTIONS WHY CAN I NOT HAVE A RATING TO IWA14-1:2013 AT N2A OR N3C LEVEL AND ASTM M LEVEL? The IWA N2A/N3C vehicles are a European-style truck with the cab over the engine and the ASTM M truck has the cab behind engine i.e. the vehicle specifications are not compatible. Additionally, the GVWs are incompatible with the M truck having GVW 11801-14970kg which does not match either N2(A) 7.5T or N3(C) 18T. WHY CAN I NOT HAVE A RATING TO PAS68:2013 AT N2 OR N3 LEVEL AND ASTM C7 LEVEL? Although the trucks are similar configuration (cab-over engine), the GVWs are incompatible with the C7 truck having GVW 1180114970kg which does not match either N2(A) 7.5T or N3(C) 18T. CAN IT BE POSSIBLE TO ISSUE A RATING TO COVER THE EUROPEAN REGULATIONS?

It can be possible to cover all the European Regulations with a single test as the trucks are all the same specification. Care must be taken over the test mass requirements to ensure meeting the tolerances of all the regulations. Additionally, a reputable test house should ensure that they are not deliberately making testing easy by testing at the lowest end of the tolerance of any of the regulations. A responsible test house should for example conduct the test to PAS68/CWA16221 with a test mass as close to 7500kg as possible and subsequently assess the test against IWA14-1:2013. CAN I HAVE A TEST CONDUCTED THAT IS COMPLIANT TO EUROPEAN AND FEDERAL REGULATIONS? Yes, IWA14-1:2013 N2B vehicle is the same vehicle as the ASTM M Truck. Key points, load-bed type, ballast method and test item install must all be in accordance with ASTM requirements and vehicle age must match IWA14-1 (<10years old). E







PAS68 – N3

ASTM F2656 – M

ASTM F2656:2020 – C7

• •

Conventional Euro Cab – i.e. Cab-over GVW 18000kg Test Mass 7500+150kg i.e. minimum 7350kg

• • •

Conventional US Cab – i.e. cab behind engine GVW 11801-14970kg Test Mass 6800+140kg i.e. maximum 6940kg

• •

Cabover/Cab Forward – i.e. cab above engine GVW 11801-14970kg Test Mass 7200+150kg i.e. maximum 7350kg

CWA16221 – N3 • • •

Conventional Euro Cab – i.e. Cab-over GVW 18000kg Test Mass 7500+140kg i.e. minimum 7360kg

IWA14-1 – N3C • • •

Conventional Euro Cab – i.e. Cab-over GVW 18000kg Test Mass 7200+400kg i.e. minimum 6800kg


50 YEARS OF BRILLIANT THINKING Streamlight® Inc., a leading provider of high-performance lighting and weapon light/laser sighting devices, is this year marking 50 years of manufacturing high-quality flashlight products. A pioneer in the development of rechargeable flashlights, lanterns, and LED lighting, the company is known for its expert engineering approach to creating lighting products that feature extraordinary brightness while also offering high value and durability. RECHARGEABILITY Streamlight’s rechargeable line is one of their biggest innovations, particularly their multi-fuel flashlights for their convenience. These flashlights are equipped with rechargeable batteries, allowing users to easily replenish their power supply whenever needed, eliminating the hassle and expense of constantly purchasing and replacing disposable batteries. With the rechargeable line, users can simply plug their flashlights into a power source or use alternative charging methods, such as USB ports, ensuring a continuous and reliable power source. In addition to convenience,

their rechargeable multi-fuel flashlights offer long-term cost savings. While they may require a slightly larger upfront investment compared to traditional flashlights, their operational costs are significantly lower in the long run. The ProTac® 2.0 Series is one of Streamlight’s newest rechargeable systems. Whether it’s handheld, handsfree, or weapon-mounted, users get 2,000 super-bright lumens from these USB rechargeable lights, all powered by Streamlight’s SL-B50® USB Li-Ion battery pack that charges via USB-C cord inside or outside of the light. WEAPON-MOUNTED LIGHTS Streamlight’s well-established line of weapon-mounted lights continues to grow, and many of them now come with a green laser. The inclusion of a green laser significantly enhances target acquisition and visibility, particularly in low-light situations, making it an invaluable asset for those who depend on accurate and rapid target identification. The TLR-8® G Sub is the latest weapon-mounted tactical light with green laser, offering 500 lumens, and interchangeable rear paddle


switches that allow you to customise the light to your shooting style. SIDEWINDER® SERIES Streamlight’s Sidewinder® Series is renowned for having the most versatile military lights in the world. The varied lights in the series are a modern representation of the evolution of military flashlights, offering lightweight right-angle solutions that are not only compact, but also allow for multiple hands-free options and colour LEDs at different outputs. The newest product to the family, the Sidewinder Stalk®, is a multifunction military helmet light system featuring multiple colour LEDs, an Identification Friend or Foe (IFF) beacon, a strobe function, and a flexible stalk for aiming light where it is needed. Its versatility reduces the amount of gear needed in the field, and with its multi-fuel capability, it’s the ultimate configurable tactical light. L Continue reading online...


PERIMETER SECURITY A comprehensive approach to Hostile Vehicle Security from the PSSA (Perimeter Security Suppliers Association)



ostile Vehicle Mitigation (HVM) is a critical aspect of modern security, and its proper implementation is paramount. Recognising this, the Perimeter Security Suppliers Association (PSSA) is planning to introduce the Hostile Vehicle Mitigation Installers Scheme (HVMIS) as a code of conduct requirement of PSSA membership. The HVMIS aims to set stringent requirements and processes to ensure quality and efficiency in HVM installation and maintenance.

and, with the Council’s approval, is expected to be implemented by the year-end, reflecting the commitment of all involved to prioritise and perfect the process.

THE ORIGINS OF HVMIS The development of the HVMIS was no small feat. It involved an elaborate process of creation, evaluation, and trial that included participation from Government bodies, PSSA Council, and several installers. Although the initial intention was to present it as a government-supported scheme, the complexities surrounding potential future legislation led to a decision for PSSA to act unilaterally. The idea was to mandate the scheme for PSSA members, ensuring a unified standard across the industry. The process saw several rounds of checks and re-checks, to validate the approach and make necessary refinements. The scheme was finalised

THE HVMIS PROCESS The process consists of three key stages: 1. General tender stage. This includes: receipt, review, inspection, and site visits, as well as quotation issuance and order confirmation. 2. Preparation stage covers risk assessments, verification, and planning. 3. Site works and de-rig of installation includes pre-start meetings, health and safety checks, installation, training, and completion documents.

WHY HVMIS? Improper installation of HVM protection is as detrimental as not having any protection at all. The HVMIS process aims to align installation with both physical constraints and the client’s budget, while not compromising on safety.

COMPLIANCE AND QUALITY ASSURANCE The HVMIS emphasises thirdparty verification through NPSA, NaCTSO, CTSAs, or CT SecCos, ensuring a consistent standard.

ENSURING MAINTENANCE AND CLIENT UNDERSTANDING Mandatory maintenance and operational training are integral, ensuring comprehensive understanding and management of the systems. FINAL THOUGHTS AND FUTURE LAUNCH PSSA chairman Paul Jeffery’s thoughts reflect the importance and strategic planning that went into the HVMIS. It is anticipated that that the launch of the scheme will be just before the PSSA’s Annual General Meeting (AGM) in December/January, marking a significant milestone in the industry’s evolution. With vehicular threats becoming increasingly sophisticated, the HVMIS is a crucial step in bolstering our defence capabilities. It’s a reflection of the collective commitment to excellence, standardisation, and resilience in the face of ever-evolving challenges. L





CTB spoke to Paul Mutter, HVM Product lead UK, ATG Access; Gareth Hulmes, head of SABRE, The Security Institute; Chris Stevens, security specialist lead, Sidos UK Ltd; and Adam Savage – marketing & sales director, Barkers Fencing about making security easier and whether there are any shortcuts that are worth taking PAUL MUTTER, HVM PRODUCT LEAD UK, ATG ACCESS As ATG’s HVM Product Lead for the UK, Paul has overseen the company’s response to the paradigm shift within the security industry to an aesthetics-led approach. As well as a growing public awareness of security measures, Paul has dealt with the challenges of multistakeholder, high-profile projects very successfully.

GARETH HULMES, HEAD OF SABRE, THE SECURITY INSTITUTE Gareth is Head of SABRE, the security certification scheme for new and existing buildings, infrastructure assets and managed space. With a background in architecture and crime prevention, Gareth brings experience of performance assessment and certification of security assurance; both at a solution level, and at an asset level.



As specialist security and risk director at Sidos UK, Chris brings a wealth of experience in providing a breadth of security advice, particularly to the transport industry within the UK. Although specialising in rail, he has been engaged in hubs at airports and other land transport forms.

Backed by over two decades’ experience working in the security industry, Adam is now marketing & sales director at Barkers Fencing. He specialises in advising clients on high-security requirements on highvalue sites, and has developed an extensive knowledge of planning and navigating access control vulnerabilities, and assisting clients in achieving their objectives.




ecurity is an important issue and it is essential that everything is done by the book and appropriate actions are taken to ensure people’s safety. However, what can be done to make security ‘easier’ for those in the field? Are there shortcuts that can be taken? Are there jobs that can be done by machines? On the other hand, what are the potential outcomes if shortcuts are taken? Is it really worth the risk? CTB spoke to Paul Mutter, HVM product lead UK, ATG Access; Gareth Hulmes, head of SABRE, The Security Institute; Chris Stevens, security specialist lead, Sidos UK Ltd; and Adam Savage – marketing & sales director, Barkers Fencing. We started on the broad question of what can be done to make security ‘easier’ or more manageable. Gareth said: “Coming from my particular background in terms of methods that can make security easier and thinking of who it makes it easier for, that could be the security adviser, but also the end user. “I think standards and universally accepted guidance can make security much easier and more manageable. It means that we’re all on the same playing field. It also means you can compare service offerings from one provider to the next and it means that the end user can expect a similar experience when they move from deploying security on one project to the next.”

Adam agreed that standards are really important, but also added: “But for me, it’s always early engagement and I think there are lots and lots of good security consultants. “There are lots of, I mean like ourselves, experienced manufacturers who will be on hand to give people good advice. “If we can engage with people early on in the design of security, it becomes an awful lot easier to implement and manage down the line.” Paul also agreed on the importance of standards and highlighted that there are products available that can also make security easier: “On the product side, making security easier and more manageable, there are lots of products out there now in the landscape – all the way through from permanent to semipermanent to temporary products. “So these can make it much easier for companies, businesses, associations, whatever it might be to actually utilise different types of security for differing applications and maybe use the same if it’s something like a temporary product, they can use that in multiple areas to make security easier and more manageable for them, especially on the cost front.” Chris pointed out how important it is to treat each job individually: “We’ve always got to treat every site as an individual site. “We see it regularly from other people that they try and make

everything the same and that’s just the wrong approach. “You need to treat every single site as an individual because they’ll all have different quirks and reasons for being treated differently. “And if you don’t do it, then you end up with the shopping list approach to security, which is what we see from organisations and it’s the wrong approach.” Paul added: “Basically what you do when you start not having process is you start driving price down and then it’s basically a race to the bottom of the barrel and people, institutions, whoever it might be, just don’t get the correct product or the correct solution for what their requirements are.” Following on from this, we discussed whether there were any shortcuts that are actually worth taking. It was generally agreed that that best shortcut is to do it properly. Chris said: “I think if you try and take shortcuts then you aren’t doing the job properly because when you look at a site from the consultancy perspective you’ve got to look at the whole entity. “You can’t look at individual siloed aspects because that’s where people miss things, and it’s what falls between the gap that is the problem.” Paul pointed out the difference between being pragmatic and cutting corners: “Are you being pragmatic because you don’t have maybe the ability or funds to actually achieve E



EXPERT PANEL  what you want to do, but you want to do the best within your remit or are you just cutting corners?” It was highlighted by our panellists that it is important to consider proportionality. So we discussed in which situations we look to incorporate proportional security into a scheme, and how that manifests itself. When considering proportionality, things to consider include aesthetics and cost. Adam said: “Let’s put in a fence which is LPS 1175 C5 rated, but in reality for a big perimeter that could be really expensive. “And whilst, it would be lovely to sell a more expensive fence for a big perimeter, it’s probably more proportional to take a step back and actually mitigate the threat in another way, or to tweak the response time – if you can detect the attack quicker and respond quicker, then maybe we don’t need a fence.” Chris added: “If your if your client has only got £5000, it’s pretty pointless you trying to propose something that’s £50,000. So you have to understand that and therefore your proportionality goes to trying to achieve something for the cost or the money that they’ve actually got.” Gareth continued: “This comes back to the process again, doesn’t it? “It’s mapping out your threats against your assets and putting that all into the mix with your risk appetite and all the other factors which will ultimately lead you to make your decision whether to invest or which solutions to invest in.” Looking towards the future, we looked at how AI and machine learning can help with security planning and management. What aspects can be done by technology and which should remain in human hands? Gareth began: “Decision making has to remain in human hands as does risk acceptance. That can’t be done by it an algorithm, because they can’t stand in the dock and defend themselves. The person on the board, the person who’s ultimately responsible for security, holds that power. And I don’t believe that can be replaced by AI or machine learning.” Paul agreed: “It’s got to go through a human being to actually finally make that decision, especially on security because it can be such an important and critical part of a business or an organisation where it works and acts and runs again. “It’s great to look at things like facial recognition. It’s great to understand number plates coming into a compound and going out, what times, what sort of threat levels you have, but ultimately as an interface through a human being and that human being to make the ultimate decision on what happens where and when.”

Adam added: “I think about it from a pure perimeter physical fencing point of view, I’m not sure that a machine could walk a fence line and see that there is a boulder on the outside that someone could climb over, or a fence or a tree overhanging, that could be a climbing aid.” When it comes to aspects, which can be taken on by machines, Gareth said: “Where AI and machine learning and other clever kind of non-human activity can take place is churning the information. “So helping us understand threat information better or identifying patterns which perhaps the human eye can’t spot in a sea of complex information from different agencies.” Adam, agreed, he said: “I mean things such as data analysis, crime trends, you know, even looking at demographics of potential attackers, etc. there’s lots that I think AI could do.” He continued: “I suppose a security manager or consultant could even run some of their own ideas through AI to see whether AI does come up with something completely different as a bit of a sense check.” Chris added: “It’s very useful for monitoring mass movement of people. You can set your AI to identify suspicious behaviour or you can also do it for static monitoring.


“So you can monitor a location if people move into that, or if an item is left. “We’ve successfully done this at railway concourses where you leave a suitcase and the AI within the CCTV system will pick up a suitcase being left unattended for a couple of minutes and therefore you can then go and respond to it.” In conclusion, it was agreed that standards should be applied, so buyers are able to consider all services providers and expect similar experiences on different projects. Early engagement is important to manage the process through to the end. Products are also available to make security easier. It was agreed that shortcuts should not be taken when it comes to security. However, it is important to be pragmatic and proportionate, especially when it comes to cost. The human versus AI debate concluded that data analysis can be done by machines, however some jobs, in particular final decisions and taking responsibility should be done by humans. L



WHY A CHECKLIST APPROACH DOESN’T WORK FOR SECURING VENUES AND PREMISES For venue managers and owners of premises, ensuring adequate security can be a challenge

With changes to legislation making their way through Parliament, venue operators are struggling to keep up with and make sense of evolving rules and standards. When it comes to security, making sure that the people who use and work in venues are safe is the most crucial aspect, after which compliance with laws and guidelines will follow. In this Security In-Depth article, Lucy Ketley, sales and marketing director at ATG Access and Gareth Hulmes, Head of SABRE for The Security Institute, explore the idea that a checklist approach doesn’t work. WHAT IS A CHECKLIST APPROACH TO PERIMETER SECURITY? One of the major mistakes people make – especially when guidelines and laws suggest it – is thinking about compliance with a “checklist” mentality. If you’re looking at your venue security and wondering whether it complies, you can fall into the trap of thinking about each individual item line in legislation and working to check them off. Creating a checklist – even one with reference to official guidelines – can lead to dangerous thinking that limits creativity when coming up with solutions. If your sole focus is on ticking off individual items, you might miss the bigger picture. THE DANGERS OF A CHECKLIST MINDSET FOR SECURING YOUR VENUE Lack of adaptability: Security threats are constantly evolving; attackers often find new ways to exploit vulnerabilities. A static checklist may not adapt well to emerging threats, leaving gaps in the security defence. Limited scope: Checklists typically cover only basic security measures and may not address the unique vulnerabilities of a particular environment – a onesize-fits-all approach won’t cut it.

False sense of security: Relying on a checklist might give a false sense of security. Just because all the items on the list are checked off doesn’t mean you’re secure. A checklist could overlook critical security flaws. Human factor: Security isn’t just about technology; it also involves people and processes. A checklist might neglect training staff, establishing clear protocols, and promoting a security-conscious culture. Compliance: A checklist approach can lead to a focus on meeting compliance requirements rather than achieving robust security. Compliance is essential, but it should be viewed as a baseline. Integration: Security requires the integration of multiple tools and technologies. Insular approaches can neglect the interplay between various security components. WHAT SHOULD YOU BE DOING DIFFERENTLY TO SECURE YOUR VENUE? Security risk management standards such as the SABRE standard ( offers a different way of thinking about venue security: the standard suggests that you employ a “whole picture” approach to security. Developed by the BRE Group and operated by The Security Institute, the SABRE standard gives venue owners and operators a process-driven framework to ensure proper security for their premises. Every venue, public space, and premises is different, each facing varied and ever-changing threats. As the person implementing security at a venue, considering the specifics from a fresh slate can give you a better chance of delivering proportionate security. THE BENEFITS OF SECURITY RISK MANAGEMENT STANDARDS Standards can be individualised, with no requirement to follow a restrictive or prescriptive set of guidelines. The outcomes-led approach relies on creative venue security and provides a flexible standard that – while adaptable

to each individual situation – is comparable across different settings. For instance, the SABRE standard encourages security practitioners to document every decision. Assessing risk factors, and documenting that risks have been assessed and mitigated, provides an added layer of assurance baked into the decision-making process. If a risk has been assessed and deemed not appropriate to mitigate further, this decision is documented to show the thought process behind it. Successful application of the SABRE standard results in third-party LPCB (Loss Prevention Certification Board) certification; a globally established and highly respected mark of assurance in the field of security. HOW TO ENSURE PERIMETER SECURITY FOR YOUR VENUE The most important factors to consider are proportionality and value for money, both equally important in determining the right level of security. Thinking about the functions of a building or space and how people actually use it, from the capacity to the accessibility and its tertiary functions (as well as any future tertiary functions!) is crucial for determining how to protect a venue. Security risks are constantly changing, so reassess your security as they do. It’s vital to keep in mind the security of neighbouring spaces and how they respond to changing threats, as everything can have an impact on your venue. For the reasons above checklist approaches to venue security simply don’t work in the modern era. GET IN TOUCH WITH THE EXPERTS For more information on how to secure your venue and what physical security measures make sense for your situation, get in touch with ATG Access. L





TARGETING THE INDIVIDUAL: HOW SOCIAL ENGINEERING HAS EVOLVED - PHISHING ISN’T GOING ANYWHERE Find out about the threat of social engineering and how to protect yourself against cybercrimes like phishing at UK Cyber Week – Expo & Conference, on the 17-18 April 2024 of an employee’s company or sending a bogus invoice from a legitimate client in the hope it will get paid.

WHAT IS SOCIAL ENGINEERING? Social engineering is a type of fraud that involves manipulating people into divulging confidential information or performing actions that compromise security. Unlike hackers who target technological infrastructures to commit cybercrime, social engineering preys on human emotions and behaviours. Techniques can involve impersonating trusted figures, creating a sense of urgency, or exploiting human curiosity and are usually done via email or social media platforms in the form of phishing. For instance, an attacker might pose as IT support and request login details from an unsuspecting employee. Alternatively, they might send an email baiting the receiver into opening a malicious attachment or clicking on a harmful link. The essence of these attacks lies in deception, persuasion, and psychological manipulation. THE CONTINUING RISE OF PHISHING Despite being one of the oldest tricks in the cybercriminal book, phishing remains incredibly effective. In fact 79 per cent of UK businesses that suffered a cyber attack between 2022-2023 reported that phishing was used as part of the attack. The rise of phishing is primarily due to it targeting human psychology rather than technological vulnerabilities which companies are routinely improving through more enhanced cybersecurity. Whether through email, messages, or even phone calls, scammers can easily lure victims into providing personal information or clicking on malicious links without the need to hack any software or computer systems. But how has it managed to remain so effective in an era where awareness about

cyber threats is at an all-time high? As people have become more technologically savvy to cybercrime, phishing attacks have adapted and evolved. Modern-day phishing has become more sophisticated, often mimicking legitimate communications from banks, social networks, and even colleagues with incredibly convincing imitations. You might think phishing emails are easy to spot – they often have dubious sender addresses, poor grammar, and questionable links. And while many people and organisations have become adept at identifying these red flags, attackers are continually upping their game. Plus, methods aside from email are often preferred by attackers in this modern digital age. This year, over half of US businesses have experienced phishing attacks delivered via LinkedIn. There has also been a stark rise in attackers using telephone calls to strike their victims often referred to as “vishing” - turning what was once a traditionally secure form of communication into a potential vehicle for delivering the latest threats. The specificity of modern attack methods also sets them apart from their predecessors. Previously cyber scammers would cast a wide net, sending generic phishing emails to as many people as possible in the hope of at least one person falling victim. These days, phishing attacks are highly targeted to specific individuals or organisations in what is known as “spear phishing”. The scammers spend time researching their victims and harvesting any personal details that can make their trap more enticing and believable. This can include impersonating the CEO


HOW TO PREVENT PHISHING ATTACKS Recognising the threat of social engineering is only half the battle. Taking proactive steps to defend against these attacks is crucial for both individuals and organisations. The best defence against social engineering is awareness. Regularly educating employees about the latest tactics used by cybercriminals is a must. Simulated phishing exercises can be beneficial, allowing staff to experience firsthand how these attacks can appear. Implementing clear procedures for verifying identities over the phone, via email, or in person can also help ward off attacks. For instance, sensitive information requests should always be confirmed through a secondary communication channel. Two-factor or multi-factor authentication adds an additional layer of security. Even if a cybercriminal obtains login details, without a second verification method – be it a text code, biometric data, or a hardware token – they can’t gain access. Often, social engineering tactics involve exploiting software vulnerabilities. Ensuring regular software updates to fix these vulnerabilities will make it harder for attacks to succeed. If you want to find out more about the threat of social engineering and how to protect yourself against cybercrimes like phishing then join us at UK Cyber Week – Expo & Conference on the 17-18 April 2024, where you will hear from over 100+ cybersecurity experts, hackers and disruptors sharing their perceptives from across the industry, as well as a host of exhibitors, helping to create one of the UK’s most innovative cyber security conferences. L Get your free ticket below.



17-18 APRIL




Visual surveillance, scanning & monitoring solutions. We have led the way in providing the latest and most effective technologies to the security industry, Governments and critical infrastructure for over 35 years. Whether you are looking for the latest surveillance technology or need the most effective and easily deployed security scanning devices Inspectahire will have a solution to most effectively support your needs or assignment.

Get in touch | T: +44 (0)1224 789692 |

UK Distributor for the world leading:


INTERNATIONAL SECURITY EXPO Counter Terror Business was pleased to be a media partner for the Global Counter Terror and Serious and Organised Crime summit at International Security Expo in September



his year’s International Security Expo welcomed 9,000 visitors across the two days, alongside more than 300 exhibitors, showcasing the latest products, services and innovations designed to protect people, buildings, critical national infrastructure and more. CONFERENCES & SUMMITS Counter Terror Business was the media partner for the Global Counter Terror and Serious and Organised Crime summit, which featured a wide range of interesting talks and presentations. Minister of state for security, the Rt Hon Tom Tugendhat MP delivered a keynote speech in which he discussed the UK’s counter-terrorism strategy, the security challenges posed by the Ukrainian conflict and expanded further on the Government’s security priorities. The summit also hosted presentations from Detective Chief Superintendent Helen Williams, national coordinator Protect and Prepare - National Counter Terrorism Security Office (NaCTSO); Dr Martin Gallagher, company director - Kilmailing Consulting Ltd; Superintendent Kish Naidoo, deputy national coordinator, Protect & Prepare - National Counter Terrorism Security Office (NaCTSO); and Shaun Hipgrave, director Protect and Prepare - Home Office, Office for Homeland Security. The first day ended with a very impactful panel session on the realities of terror featuring Figen Murray, campaigner for Martyn’s Law; Ann Travers, advocacy officer South East Fermanagh Foundation (SEFF); Máiría Cahill, former Irish senator & author of ‘Rough Beast’; and Travis Frain, chair - UK Counter Terrorism Youth Advisory Group. The International Security Conference played host to a panel session on Martyn’s Law with campaigners Figen Murray OBE and Nick Aldworth, who were joined by Debbie

Bartlett, deputy director Protect and Prepare at the Home Office, Tracy Reinhold from Everbridge and Barrie Millett from Mitie. The conference also staged a seminar on the on the Impact of Inclusion and Belonging in the Security Industry, chaired by Satia Rai from IPSA and Securitas UK. The International Risk and Resilience Conference had a keynote address delivered by the Rt Hon Tobias Ellwood MP where he discussed the importance of preparedness and resilience in the current troubled and complex times. EXHIBIT More than 300 exhibitors showcased their latest products and innovations and were on hand to answer questions from visitors. DEMONSTRATIONS International Security Expo provided the stage for scenario-based counterterrorism demonstrations delivered by Counter-EO UK and CBRN-UK. The Counter-Explosive Ordnance team and a bomb disposal operator demonstrated specialist clearance

of an Improvised Explosive Device (IED), whilst a specialist CBRN operator ran a demonstration using chemical, biological and radiological detection apparatus. The British Transport Police Special Response Unit also demonstrated specialist equipment used for detecting and assessing powders, liquids and gases, in addition to the X-ray of suspicious packages. INTERNATIONAL CYBER EXPO International Security Expo was again co-located with International Cyber Expo, which this year welcomed almost 6,500 visitors – 35 per cent more than last year. The Expo hosted cyber security solution providers, who showcased the latest innovations and cuttingedge technologies that are needed to protect the digital world. International Security Expo returns next year, 24-25 September at Olympia London. L




Find suspects in minutes

Reduce search times for suspects in video footage from days, hours . . . to minutes! Cognitec’s face recognition technology imports still images and video material, finds all faces, and clusters the appearances of the same person, even across multiple media files. Investigators can search videos to find unknown persons, persons appearing together, frequently seen persons or groups, and known persons.

Talk to us about your face recognition requirements and projects! Most experienced. Highly trusted. Cognitec is the only company that has worked exclusively on face recognition technology since its inception in 2002. |


Policing minister Chris Philp recently announced at the Conservative Party conference that he wanted police officers to have access to a wider range of databases outside of those on the national database, which only includes people who have already been arrested



he announcement could mean police having access to passport photos to use for facial recognition in an attempt to fight crime. Philp said: “I’m going to be asking police forces to search all of those databases — the police national database, which has custody images, but also other databases like the passport database.” The Home Office said that facial recognition has already been used to help catch criminals. A Home Office spokesperson told the BBC that facial recognition has already been used to help catch criminals and that the technology could also be used to help search for missing or vulnerable people. A spokesperson said: “Facial recognition, including live facial recognition, has a sound legal basis that has been confirmed by the courts and has already enabled a large number of serious criminals to be caught, including for murder and sexual offences.” CRITICISM However, these plans have been widely criticised. Biometrics and surveillance camera commissioner Professor Fraser Sampson has said that the plans risk damaging public trust. Professor Sampson told the BBC: “The state has large collections of good quality photographs of a significant proportion of

the population - drivers and passport holders being good examples - which were originally required and given as a condition of, say, driving and international travel,” he said. “If the state routinely runs every photograph against every picture of every suspected incident of crime simply because it can, there is a significant risk of disproportionality and of damaging public trust.” A group of 65 parliamentarians and 31 rights and race equality organisations have called for an urgent stop to the use of facial recognition surveillance by the police and private companies. Signatories to the statement include David Davis, Diane Abbott, Christine Jardine, Ed Davey and Caroline Lucas. The statement says: “The signatories to this call are rights organisations, race equality organisations, technology experts, and parliamentarians. “We hold differing views about live facial recognition surveillance, ranging from serious concerns about its incompatibility with human rights, to the potential for discriminatory impact, the lack of safeguards, the lack of an evidence base, an unproven case of necessity or proportionality, the lack of a sufficient legal basis, the lack of parliamentary consideration, and the lack of a democratic mandate. E



FACIAL RECOGNITION  “However, all of these views lead us to the same following conclusion: “We call on UK police and private companies to immediately stop using live facial recognition for public surveillance.” Silkie Carlo, director of Big Brother Watch, said: “This important call from MPs to urgently stop live facial recognition represents the greatest involvement parliamentarians have ever had in Britain’s approach to facial recognition surveillance. “With the Government now planning to turn all of our passport photos into mugshots for facial recognition scanning, yet again absent any democratic scrutiny, this intervention could not come at a more important time. This dangerously authoritarian technology has the potential to turn populations into walking ID cards in a constant police line up. “The UK’s reckless approach to face surveillance makes us a total outlier in the democratic world, especially against the backdrop of the EU’s proposed ban. “As hosts of the AI summit in autumn, the UK should show leadership in adopting new technologies in a rightsrespecting way, rather than a way that mirrors the dystopian surveillance practices of Saudi Arabia and China. There must be an urgent stop to live facial recognition, parliamentary scrutiny and a much wider democratic debate before we introduce such a privacyaltering technology to British life.” LEGISLATION AND BANS The EU is considering a ban on AI-powered facial recognition surveillance under the new AI act and other jurisdictions around the world have already banned it.


IN SEPTEMBER, 120 CIVIL SOCIETY ORGANISATIONS AND 60 EXPERTS CALLED FOR A GLOBAL STOP TO FACIAL RECOGNITION SURVEILLANCE In September, 120 civil society organisations and 60 experts called for a global stop to facial recognition surveillance. Ella Jakubowska, senior policy advisor at European Digital Rights (EDRi) said: “With the upcoming Artificial Intelligence Act, the European Union has the chance to become a world leader in protecting people from public facial recognition and other biometric surveillance. European Parliamentarians have spoken loud and clear in support of strong bans. “Worryingly, EU governments continue to push back, citing vague claims of ‘safety’ and ‘security’ without providing any objective evidence. They want an unlimited margin of discretion to subject our faces, our bodies and our communities to these dystopian uses of technology, despite a complete lack of democratic mandate.” USE CASES South Wales Police have hit the headlines a few times for their use of facial recognition technology. Ahead of Harry Styles’ concerts in Cardiff on 20 and 21 June, fans were warned that they could be scanned by live facial recognition cameras deployed in the area by South Wales Police. The cameras were to be used to identify people wanted for priority offences. South Wales Police stated: “It’s being deployed specifically to seek out wanted individuals. Fully appreciate the

concert has a young audience, however concert-goers won’t be the only people in the city centre during this time.” At a Beyoncé concert earlier in the year, the force said the technology would be used “to support policing in the identification of persons wanted for priority offences… to support law enforcement… and to ensure the safeguarding of children and vulnerable persons”. South Wales Police have used the technology at previous events. Using the technology at a rugby match, 108,540 faces were scanned, resulting in the arrests of two people. South Wales Police has a LFR FAQ page on its website. It states: “The specific purpose for Live Facial Recognition deployment is: To support Policing in the identification of persons wanted for priority offences, to support law enforcement including the administration of justice (through arrest of persons wanted on warrant or unlawfully at large/ recall to prison), and to ensure and promote the safeguarding of children and vulnerable persons at risk.” The website also lists occasions where the force has used LFR, as well as the events already listed, the technology was utilised at Pride Cymru in August 2022 and Wales Airshow in July 2023. The website says: “Live Facial Recognition technology is used as an efficient and effective policing tactic to prevent and detect crime, and protect the most vulnerable in our society.” L


In the most recent risk register published by the UK government, when grouped together with cyber attacks on infrastructure, a cyber attack on telecommunications systems was given a 5-25 per cent likelihood rating

WHAT ARE THE THREATS TO CRITICAL COMMS? Telecommunications makes up part of the communications critical national infrastructure sector and includes fixed line communications and mobile communications, as well as internet infrastructure. The risk register considers them a valuable target for cyber criminals, and as such it is important to build security and resilience capabilities. It is the communication providers who are responsible for assessing risks and then taking the appropriate measures to ensure the security and resilience of the networks. The Telecommunications (Security) Act was introduced in 2021, which sets out requirements for providers. In the scenario imagined by the risk register, a cyber attack against a major telecoms provider would affect millions of customers – including customers on other networks that connect or route through the impacted network. It could also impact services provided by other CNI sectors. It could also mean that customers are unable to call the emergency services. It is anticipated that disruption could last for up to 72 hours, but could last weeks or even months. It could be difficult to identify the attacker – whether state threat, cybercriminal or hacktivist – and the cause and extent may not be immediately known. Some state actors have already displayed the capabilities needed to attack telecoms networks. It is hard to predict how an attack such as this would unravel, without having specific intel. Since a major cyberattack on the telecommunications system has not yet taken place on a large scale in the UK, the potential variations in terms of attack vector

and scale and the services and sectors impacted are hard to estimate. The impact of a physical attack on infrastructure should also be considered. The risk register highlights the possibility of damage to transatlantic telecommunications cables. Damage to these cables, which carry large volumes of data which facilitate telephone communications and internet access, would cause widespread disruption across the UK and elsewhere. The risk register points out that the system is generally resilient, so the likelihood of a total loss of transatlantic telecommunications is unlikely. The risk register considers as a worstcase scenario that transatlantic subsea fibre optic cables would be damaged over a period of several hours and would therefore be inoperable. This would lead to considerable disruption to the internet and essential services which rely on offshore providers of data services. Repair for damage of this scale would take several months. A physical attack on infrastructure should not be considered unheard of or impossible. At the end of last year, a man was convicted of planning an attack on vital national infrastructure. Oliver Lewin was convicted of planning a terrorist attack by performing reconnaissance, purchasing equipment and tools and seeking to recruit like-minded individuals to help him, with vital national infrastructure, including communications masts, being the main targets of his planned attacks. He was found guilty of preparing acts of terrorism at Birmingham Crown Court on 19 December 2022. The 38-year-old’s main targets were major communications

infrastructure. In a notebook, he had written a target list, which included: “Media, Transport, Infrastructure, Power, Comms, Roads & Rail”. He had drafted a document entitled “Civilian Resistance Operations Manual”, which was recovered from his laptop. The manual encouraged the reader to join the cause and commit attacks: “For now there are several things that we can collectively do to cause significant damage to the country and send a message that we are serious in our mission”. The investigation found that Lewin had collected a large amount of military-style equipment and tools, whilst also being in possession of three air rifles. In a telegram group, which he joined in July 2021, Lewin wrote: “we are at war people make no mistake... Peaceful marching has not and will not do anything. You have to choose a better strategy. I have one that I think will work but it involves staying out in the wild for a few days at a time.” Lewin used the group to search for others to help him in an attack on national infrastructure. He dug hide-outs in woodlands, which he explained to the group were to escape detection. Before he was arrested, he visited the Bardon Hill transmitter communications mast in Leicestershire at night, taking videos of the location and manhole covers which housed fibre communications equipment. He also visited communications masts at Markfield Hill and Copt Oak and took photos. It was later proved in court that this was reconnaissance to help him plan terror attacks. L




A record number of visitors attended The Emergency Services Show and co-located The Emergency Tech Show at the NEC on 19 and 20 September

VISITOR NUMBERS UP OVER 30 PER CENT T he UK’s largest event for the emergency services attracted over 12,000 visitors and buyers, with strong representation from across all the emergency services including police, fire & rescue, ambulance, and search & rescue. Total attendance was over 30 per cent higher than last year’s record for the event. For the first time, The Emergency Tech Show brought together all the latest in digital transformation tools; connectivity; control room solutions; software and apps; wearable tech; cloud storage; virtual


reality training simulation; and the use of AI for predictive emergency response, resource allocation and data analysis. The show’s visitors participated in over 140 hours of CPD-accredited seminars running in nine theatres: the Lessons Learned Leaders’ Summit, Innovation Theatre, College of Paramedics Theatre, Resilience & Recovery Theatre, Policing Theatre, Health & Wellbeing Theatre, Microsoft Partner Theatre, Emergency Tech Keynote and the Tech Hub. Every session was well attended, with one of the most popular being actor

EMERGENCY SERVICES SHOW and documentary maker Ross Kemp’s fireside chat in the Policing Theatre looking at reality TV vs. real policing. The show’s biggest audience joined Adam Kay, BAFTA-winning television writer, comedian, former doctor and author of This is Going to Hurt in the Lessons Learned Leaders’ Summit, where he shared his thoughts on how the NHS could better support the mental health and retention of its staff. The College of Paramedics’ CPD workshops also proved extremely popular again this year. The jet suit demonstration by Rowan Poulter of Gravity Industries also drew crowds to the Outside Area. Across both shows, the indoor and outdoor exhibition featured over 600 exhibitors from which visitors could source new products, solutions and advanced technologies designed for the emergency services including: IT and communications, vehicles and fleet, medical, firefighting, road safety, search & rescue, extrication, water rescue, protective clothing and uniforms, training and station facilities. Kathleen Canavan, advanced nurse practitioner at The Galway

Clinic summed up the genuine excitement and awe of many visitors: “It’s amazing; it’s action-packed. Every time you turn a corner there’s something else and everybody is so passionate about what they’re doing. You can feel that in the air.” Danny O’Neill, sales manager of Dräger UK typified the feedback from exhibitors when he said: “The show continues to be an excellent location, the place to be for the emergency and rescue services. We absolutely definitely are going to be here next year; we look forward to it. It’s a great opportunity and we’re really proud to be part of it with what we’re doing here.” “Footfall has been really good. We were absolutely rammed. We’ve got around 20 staff here and at some points we needed more,” said Peter Benson, chief executive officer of The Ortus Group. “The Emergency Services Show is how we kick off our financial year, that’s how important it is for finding new customers and catching up with existing,” said Callum Farrell, UK sales manager at Excelerate Technology. “Even if we base it on last year, it’s

played a massive role in us exceeding our sales target. It’s invaluable.” The Emergency Services Show and the Emergency Tech Show return to Halls 4 & 5 at the NEC, Birmingham from 18-19 September 2024. Companies and organisations interested in booking a stand at The Emergency Services Show 2024 should contact: Emergency services personnel interested in attending in 2024 can register their interest here: https://www.emergencyuk. com/register-your-interest L




BORDER MANAGEMENT & TECHNOLOGIES SUMMIT MIDDLE EAST The Border Management and Technologies Summit Middle East 2023 will feature a diverse array of keynote speeches, panel discussions, and an exhibition, allowing attendees to explore the latest advancements in border management technologies and strategies The Border Management and Technologies Summit Middle East 2023 is set to take place from 14-16 November 2023 in Dubai, UAE, bringing together leading experts, government officials, industry leaders, and innovators from around the world to explore the latest advancements and strategies in border security and management. This high-profile summit is an indispensable event for those at the forefront of safeguarding borders and ensuring the safety and security of nations. Building on the success of previous events, the Border Management and Technologies Summit Middle East 2023 promises to be the most significant gathering of its kind in the region. Hosted at Le Méridien Dubai Hotel & Conference Centre, Dubai, the event will feature a diverse array of keynote speeches, panel discussions, workshops, and exhibitions, providing attendees with a comprehensive and insightful experience. This summit is especially timely given the ever-evolving landscape of

global security challenges. It serves as a crucial platform for sharing expertise and experiences in confronting issues such as international crime, terrorism, immigration, and trade facilitation. WHAT YOU CAN EXPECT: Renowned experts and thought leaders will share their insights on emerging trends, challenges, and innovative solutions in border management and security. Delegates can expect to hear from VIP Speakers, including esteemed dignitaries and influential figures from the Middle East and beyond. The summit will showcase the latest technologies, including artificial intelligence, biometrics, surveillance systems, and more, designed to enhance border security and streamline border management operations. Delegates will also be able to gain valuable knowledge about the evolving policies and regulations related to border management

and security in the Middle East. Attendees will also have the opportunity to network with peers, government officials, and industry professionals, fostering collaborations that can drive advancements in border security. Join us for a unique tour of Dubai port hosted by DP World and discover the innovative technologies leveraged by Jebel Ali to deliver optimal operational efficiency and receive an exclusive preview of the latest breakthroughs, including BoxBay, a state-of-the-art High Bay Storage (HBS) system. In addition, witness the latest in industry innovations first hand, with a visit to Global Freight Summit 2023. Hosted at the Coca Cola arena, join global supply chain professionals as they collaborate on Making the Future Supply Chain a Reality. To register click here and use code: GFSSAS100. Visitors to the Global Freight Summit can also explore an extensive exhibition hall featuring leading companies showcasing their products, services, and solutions in the field of border management and security. EVENT ORGANISERS The Border Management and Technologies Summit Middle East 2023 is organized by International Border Management and Technologies Events Ltd on behalf of IBMATA, a global not-for-profit organisation and NGO passionately dedicated to advancing the safe and secure movement of people and goods across international borders. IBMATA provides a unique platform that unites a diverse range of stakeholders, including experts, practitioners, academics, policymakers, and technology providers. Together, we collaborate to develop and promote best practices in the application of modern border management principles and harness the intelligent use of new and emerging technology. L



REVIEW OF THE YEAR It may only be October, but a lot has happened this year already, including draft publication of Martyn’s Law, the Manchester Arena Inquiry, an updated CONTEST strategy, the independent review of Prevent, along with ongoing war in Ukraine and now in Israel and Gaza too. CTB takes a look back at some of the biggest stories of the year.

CTB’S REVIEW OF 2023 JANUARY In January, Royal Mail was hit by a cyber incident, during which the public were unable to send parcels abroad. The attack was attributed to a ransomware gang linked to Russia. A man was arrested after uranium was found in cargo at Heathrow airport. A security alert was triggered at the airport on 29 December, leading to a response from officers from the Metropolitan Police’s Counter Terrorism Command. The uranium was found in a shipment of scrap metal and police said there was no threat to the public. A 27-year-old man was arrested by counter terror police after a suspicious package was found outside St James’s University Hospital in Leeds. The hospital declared a critical incident and evacuated patients from the Gledhow maternity wing. FEBRUARY In February, the long-awaited independent review of Prevent was published, with the government accepting all the recommendations. Ordered by former home secretary Priti Patel in 2019, the review

conducted by William Shawcross found that Prevent “is not doing enough to counter non-violent Islamist extremism” and “has a double standard when dealing with the Extreme Right-Wing and Islamism”. “Prevent takes an expansive approach to the extreme right-wing, capturing a variety of influences that, at times, has been so broad it has included mildly controversial or provocative forms of mainstream, right-wing leaning commentary that have no meaningful connection to terrorism or radicalisation. “However, with Islamism, Prevent tends to take a much narrower approach centred around proscribed organisations, ignoring the contribution of non-violent Islamist narratives and networks to terrorism. “Prevent must ensure a consistent and evidence-based approach to setting its threshold and criteria, and ensure it does not overlook key nonviolent radicalising influences.”. Shamima Begum lost her appeal over the decision to remove her British Citizenship. Then home secretary Said Javid removed her British citizenship in 2019. Mr Justice Jay told the court that the appeal had been fully dismissed. E




 The ruling means that Begum will not be able to return to the UK. Begum left the UK to join Islamic State when she was 15. She married a fighter and had three children - all of whom have died. Detective Chief Inspector John Caldwell was shot several times after a training session for his son’s football team in Omagh. MARCH In March, Sir John Saunders published volume 3 of the Manchester Arena inquiry. This volume focused on how attacker Salman Abedi was radicalised and whether security services missed chances to stop him. According to the report, MI5 missed a significant opportunity to take action that might have prevented the attack. The inquiry also found that the bomber Salman Abedi, and his brother Hashem, probably received assistance from someone in Libya. In his budget, Chancellor Jeremy Hunt announced £11bn for defence over the next five years. He also said defence spending will rise to 2.5 per cent of the UK’s GDP as soon as fiscal and economic circumstances allow. The terrorism threat in Northern Ireland was raised from substantial to severe. Secretary of state for Northern Ireland Chris Heaton-Harris said that the public should remain vigilant, but not be alarmed and continue to report any concerns they have to the Police Service of Northern Ireland.

The UK evacuated British nationals from Sudan when rival military forces began fighting in the country. MAY In May, a man was arrested after throwing a number of items into the grounds of Buckingham Palace. The man was arrested on suspicion of possession of an offensive weapon after he was searched and a knife was found. Police said he was not carrying a firearm. The Metropolitan Police issued a statement of thanks following the King’s coronation. Over the coronation weekend, thousands of people travelled to London to watch the coronation and take part in events. 11,500 officers worked on Saturday, supported by colleagues from across the UK, and overseas. The results of the Bee The Difference survey, which collected the experiences of more than 200 young survivors of the Manchester Arena attack, were published on the sixth anniversary of the attack. The report highlights six ways that individuals and institutions can help to create change together. These include Bee visible, Bee compassionate, Bee experienced, Bee flexible, Bee patient and Bee proactive.

APRIL In April, Finland joined NATO, becoming the 31st member of the alliance and doubling NATO’s border with Russia. NATO secretary general Jens Stoltenberg said: “This will make Finland safer and NATO stronger.” Finland has an active armed force of around 30,000 as well as 250,000 reserves. 2023 marked the 25th anniversary of the Good Friday Agreement, with several commemorative events held. US president Joe Biden visited Northern Ireland. An emergency alert test was held, which reached most UK mobile phones. The test was for an alert that could be used to warn about dangerous situations such as terror attacks or floods. Some people reported that the alert went off earlier or later than planned, while others did not receive the alert at all.


The survey was carried out in collaboration with the National Emergencies Trust and Lancaster University. A man was arrested by armed officers on suspicion of criminal damage and dangerous driving after a car crashed into Downing Street. JUNE Grace O’Malley-Kumar and Barnaby Webber, students at Nottingham University, and Ian Coates were killed in Nottingham. JULY In July, the biometrics and surveillance camera commissioner Professor Fraser Sampson wrote to paymaster general and minister for the cabinet office Jeremy Quin outlining identified security and ethical issues in the use of surveillance camera technology, and Artificial Intelligence in the same sphere. After being passed by both Houses of Parliament and securing Royal Assent, the National Security Bill became law on 11 July. The government said: “This new act brings together vital new measures to protect the British public, modernise counter-espionage laws and address the evolving threat to our national security. “With this new legislation, the UK is now a harder target for those states who seek to conduct hostile acts against the UK, which include espionage, foreign interference (including in the political system), sabotage, and acts that endanger life, such as assassination.

REVIEW OF THE YEAR “The new powers will help ensure that the UK remains the hardest operating environment for malign activity undertaken by foreign actors.” The Metropolitan Police launched its new Policing Plan, which intended to put communities back at the heart of policing and deliver more trust, less crime and high standards. Conservative MP Tobias Ellwood posted a video on Twitter claiming Afghanistan is “a country transformed”. In the video, Ellwood claimed that Afghanistan is accepting a more authoritarian leadership in exchange for stability. He said that the streets of Kabul are relatively safe and businesses are reopening. Ellwood states that there is a calm across the country that elders say has not been experienced since the 1970s. He then resigned from the defence select committee after criticism of the video. Anjem Choudary was again charged with terrorism offences. The UK government launched CONTEST 2023, billed as “a refreshed approach to the evolving and enduring threat from terrorism”. CONTEST 2023 sets out the UK’s approach to a domestic terrorist risk and addresses a persistent and evolving overseas threat from Islamist groups, and the exploitation of technology by terrorists. Quran burning in Denmark and Sweden led to unrest in Muslim-majority countries. Six men were found guilty of terrorist murder for their part in the 2016 Brussels bombings which killed 32 people and injured more than 300 at the airport and a metro station. Two others were found guilty of taking part in terrorist activities, while two others were acquitted of all charges. Salah Abdeslam was one of those found guilty. Abdeslam was already serving a life sentence in France for his role in the 2015 Paris attacks. Draft legislation for Martyn’s Law was published and criticised by MPs on the Home Affairs Select Committee. The report claims that the legislation would be ineffective, not prevent attacks and would burden small businesses. It also said that the law would be hard to apply consistently. The MPs said that it was unclear what the aims of the legislation were, as it had been promoted as terrorism-prevention legislation, but the measures would instead reduce the consequences of an attack that has actually taken place. Martyn’s Law campaigners criticised the report. Figen Murray, mother of Martyn whom the law is named after and who has campaigned for the law said: “Having lost my son to terrorism, along with so many

BONFIRE NIGHT, CHRISTMAS LIGHT SWITCH ONS, CHRISTMAS MARKETS AND OTHER END-OF-YEAR FESTIVITIES ARE SET TO DRAW BIG CROWDS AND THE SECURITY IMPLICATIONS THAT COME WITH IT others in the Manchester Arena attack, I find it hard to understand the argument that a few hours of training each year is a disproportionate step for businesses to take. “Martyn’s Law is a proportionate response that will keep millions of us safer and the Government must now press ahead.” AUGUST In August, deputy prime minister Oliver Dowden published the National Risk Register, which outlines the risks facing the UK. The register includes 89 threats that would have a significant impact on the UK’s safety, security or critical systems at a national level. Threats listed include disruption to energy supplies following the invasion of Ukraine, malicious uses of drones to disrupt transport and other critical operations and threats to undersea transatlantic telecommunications cables used for internet and communications. Details of a data breach at the Electoral Commission were revealed and the incident was linked to Russia. PSNI was also victim of a data breach with the data believed to be in the hands of Dissident Republicans. Yevgeny Prigozhin, head of the Wagner mercenary force was killed in a plane crash. The Met Police also investigated unauthorised access to a supplier’s IT system. Ben Wallace resigned as defence secretary after four years in the role and nine years in total as a minister. Grant Shapps was announced as his successor. SEPTEMBER In September, Daniel Khalife, who was in prison awaiting trial on terrorism offences, escaped, after allegedly strapping himself to the underside of a food delivery vehicle. He was arrested again three days later, not far from HMP Wandsworth from which he escaped. He has since pleaded not guilty to escaping. The government published refreshed draft Prevent duty guidance, along with a statutory instrument laid in the House of Commons to bring it into force under the CounterTerrorism and Security Act. The guidance delivers on several recommendations from the independent review of Prevent

and includes practical advice for those with responsibility to stop people from becoming terrorists or supporting terrorism. The guidance is aimed at frontline professionals in healthcare, education, local authorities, prisons, probation and the police. Personal details of police officers from Greater Manchester Police (GMP) were hacked in a cyberattack. An ID card company in Stockport, which holds information on some GMP staff, was the victim of the cyberattack. The Ministry of Defence offered soldiers to support the Met Police after several Met police officers stood down from firearm duties in the wake of an officer being charged with the murder of Chris Kaba. OCTOBER In October, new restrictions on poisons and explosive substances came into force. The changes came into force through the updates to the Poisons Act 1972. The changes mean stricter requirements on reporting suspicious activity, including new obligations for online marketplaces. Customer information, such as photo identification, will also need to be recorded when selling regulated materials to business users. Hamas launched an attack on Israel and Israel responded with attacks on Gaza. A suspect was shot in Brussels after two Swedish nationals were killed by a gunman ahead of a football match between the two nations. The Online Safety Act and Economic Crime and Corporate Transparency Act received Royal Assent. WHAT CAN WE EXPECT FROM THE REST OF THE YEAR AND INTO NEXT? Bonfire night, Christmas light switch ons, Christmas markets and other end-of-year festivities are set to draw big crowds and the security implications that come with. We can also hope for progress on Martyn’s Law. Meanwhile, conflicts in Ukraine, Israel-Gaza, Nagorno-Karabakh, Sudan and elsewhere are still ongoing. L




AVIATION SECURITY The liquid limits on aeroplanes are an ingrained part of travelling nowadays, we all know what we can and can’t take in our hand luggage. But things are starting to change with the introduction of new technology

WHAT EFFECT WILL THE NEW LIQUID RESTRICTIONS HAVE? G enerally, there are restrictions on the amount of liquids one can take in their hand luggage, this includes all drinks, liquid foods, cosmetics and toiletries, sprays, pastes, gels and anything similar. These restrictions were introduced in 2006 after a plot to blow up planes was uncovered. The would-be attackers had planned to hide explosives inside soft drink containers. The initial restrictions were introduced with very little notice and passengers were told they could only take a purse or wallet on board. Only milk for babies was allowed through, on the grounds that the accompanying parent tasted it in front of security staff. These restrictions lasted three months and were then relaxed to what we know now. If a flier does take liquids on to a plane, the containers must hold no more than 100 ml


and be in a single, transparent, resealable bag which holds no more than a litre and measures approximately 20cm x 20cm. Only one bag is allowed per person.

NEW TECHNOLOGY Teesside and London City Airport have both introduced new technology, which means that these restrictions no longer apply at these airports. Major airports including Heathrow, Gatwick, Stansted, Manchester, Newcastle and Edinburgh have been given until 2024 to invest in the new technology. New advanced CT scanners have the ability to create 3D-layered images that can be tilted and rotated, so security staff are better able to identify the contents of bags. Current machines are only able to produce 2D images. The CT scanners use the same technology as their medical siblings

AVIATION SECURITY and can analyse the molecular structure of the contents of a bag. They also have updated explosive detection capability. The new scanners also mean that laptops, cameras and tablets can remain inside hand luggage when it comes to security checks. It is hoped that the new security will cut the amount of time passengers have to wait in security queues. The new technology reduces the amount of time that security staff spend searching bags – time which some argue can be spent looking at the person instead. NEW RULES At airports which have installed the new scanners, passengers will be able to carry up to two litres of liquid in their hand luggage and this will not need to be carried in a clear plastic bag. At the end of 2022, the transport secretary Mark Harper announced that the rules would change by 2024, with the installation of new technology. He pointed out that most major airports would install the technology by 2024 and highlighted the greater convenience and improved security. He said: “The tiny toiletry has become a staple of airport security checkpoints, but that’s all set to change. I’m streamlining cabin bag rules at airports while enhancing security. “By 2024, major airports across the UK will have the latest security tech installed, reducing queuing times, improving the passenger experience, and most importantly detecting potential threats. “Of course, this won’t happen straight away – this is going to take 2 years to be fully implemented. Until then, passengers must continue following the existing rules and check before travelling.” He also announced that airports had until June 2024 to upgrade their systems. In the meantime, passengers are reminded that usual rules apply unless they are told otherwise in relation to the airport they are travelling from. Christopher Snelling, policy director at The Airport Operators Association (AOA), said: “This investment in nextgeneration security by the UK’s airport operators will provide a great step forward for UK air travel, matching the best in class around the world. “It will make the journey through the UK’s airports easier and air travel itself more pleasant.”

AT AIRPORTS WHICH HAVE INSTALLED THE NEW SCANNERS, PASSENGERS WILL BE ABLE TO CARRY UP TO TWO LITRES OF LIQUID IN THEIR HAND LUGGAGE security not meeting the restrictions. Of course airport security is not the same all over the world, so if a passenger is flying out of London City Airport, the restrictions will not apply on their outbound journey, but may very well do when they fly back out of an airport abroad. It is also important to consider restrictions at any airport where a passenger may be transferring, as the rules may not be the same across all legs of the journey. When the technology was introduced at London City Airport back in April, chief operating officer Alison FitzGerald told the BBC: “The level of processing now through the X-ray is even more secure than it was previously and the machine has the ability to differentiate between a nondangerous and a dangerous liquid.” The technology was installed at Jersey Airport in July. Jersey Airport’s Head of Security, Maria Le Tiec, told ITV: “We are pleased to have installed two of the three X-ray machines in time for the airport’s peak summer period. “Work will continue to install the remaining X-ray machine, which should go live in mid-August. Full body scanners are scheduled for introduction by October 2023.”

The day after the installation, issues with one of the machines meant some passengers had to use the old machines, and therefore the old restrictions as well. Edinburgh Airport has made an order for new scanners, which are set to be installed in 2024. Edinburgh Airport chief operating officer Adam Wilson told the BBC: “Safety is always paramount and by moving forward with these innovative and next generation scanners, we will maintain those high security standards while helping passengers move through the airport quicker.” Willie Walsh, director-general of the International Air Transport Association said: “Implementing this technology should not come with a big bill. In fact, simplified processes should deliver significant efficiencies.” “Speedy deployment should be possible. The technology has already been used successfully and for a long time at various airports across the world with measurable improvements to the passenger experience.” It is hoped that even more technological developments in the future will greatly reduce the need for lengthy and timeconsuming security checks. L

INFORMATION DELAY There is a concern that the information has not been widely or adequately explained to passengers. Some people may have heard the headlines and expect the new restrictions to apply to all airports and turn up to airport


CYBERSECURITY Chris Dimitriadis, global chief strategy officer at ISACA looks at ways the public sector can protect itself from cyber threats

COMBATTING CYBER THREATS The Electoral Commission took 14 months to notice hackers flying under the radar in their systems. In the process, the personal data of over 40,000 voters was accessed and compromised. Although high profile, the Electoral Commission is not alone in its vulnerabilities. Its attack is just one example of many – in fact, according to CheckPoint, the rate of global cyberattacks grew by a staggering 22 per cent in 2022. This demonstrates how cyberattacks are becoming more frequent, complex, and often lie undetected – posing real issues for organisations who possess reams of data on their customers. So, why is the public sector at such risk of cyberattack? Cyberattacks are a threat to all institutions, whether public or private sector. But the public sector in particular faces nuanced challenges – in fact, the IGM cost of a Data Breach research found that public sector organisations bear the brunt of data breaches with a staggering average cost of $2.6m. A mounting reliance on technology and the possession of an abundance of personal data alongside many other factors leaves the public sector vulnerable. And this is even more concerning amid limited budget and resources, with the government tightening their belts in times of economic uncertainty. But with attacks against the public sector gaining traction, the industry clearly needs to get better at identifying and dealing with cyberattacks. And it all begins with making digital trust a number one priority.

three organisations do not measure their digital trust practises at all. This must change, and it must change soon, if the public sector is to protect itself. But, how? MAKE CYBERSECURITY A TOP PRIORITY Firstly, cybersecurity must be a business priority for all. Public sector organisations must invest in protecting themselves from attacks, in identifying risks in a rapidly changing environment in establishing prevention, detection, response and recovery mechanisms towards minimising the impact - ensuring they maintain high digital trust. Cybersecurity has long been neglected by leaders, or considered a non-priority for successful project delivery in public sector organisations. But this couldn’t be further from the truth. Leaving an organisation open to cyberattacks without protection threatens the safety of data – with a negative knock-on effect on the reputation of public sector organisations, customer relationships, and as a result, their effectiveness. So, what would this investment look like? It all starts with people. We need more holistic professionals that on top of the vertical expertise in cybersecurity also understand adjacent domains like audit, privacy and risk – as well as good knowledge on the business and technology environment they are trying to protect. We also need more awareness programs so all employees within the organisation understand the risks and that cybersecurity is a shared responsibility that should be embedded in the conduct of their daily tasks.

DIGITAL TRUST IS KEY ISACA defines digital trust as the confidence in the relationship between providers and consumers within an associated digital ecosystem. It’s essential for any public sector organisation to succeed, protect their reputation and build relationships with constituents as exchanges and transactions are more likely to happen when people trust an organisation. ISACA’s research into the state of digital trust reveals that 92 per cent of European business and IT professionals say digital trust is important to their organisation. But despite its importance, it’s not being prioritised – of those surveyed, one in

UPSKILL THE CURRENT AND PROSPECTIVE WORKFORCE It is integral that all staff members have an awareness and basic understanding of cybersecurity, and every public sector organisation needs skilled cyber professionals. But they are lagging on this – half of all UK businesses are suffering from a basic cybersecurity skills gap. This gap must be addressed if the public sector is to stand a chance of protecting itself against the rising threat of cyberattacks. So, public sector organisations need to upskill their staff so they are trained in cyber – and hire cyber professionals at every level of the organisation


who can use their expertise to tackle cyberattacks head on. Schemes like the Upskill in Cyber programme from the UK government are helping to tackle this problem, encouraging anyone to sign up, including those that don’t have any prior experience in the industry. And as well as the Government, cyber institutions such as ISACA are making headway in closing the skills gap - for example, we are providing 20,000 free memberships to students in Europe to increase the number of networked cybersecurity professionals in the Europe and collaborating with over 60 training organisations and academic institutions to ensure teachers and trainers possess the necessary knowledge and credentials. But more needs to be done – and skills need to be prioritised in the months and years ahead to ensure we’re creating a cyber resilient workforce, trained up to confront the challenges the public sector will no doubt face. Fundamentally, a combination of buy-in at board level on cybersecurity and a skilled and trained workforce, will ensure public sector organisations maintain high digital trust – and be in a position to ward off threats and hackers. This way, incidents should be more preventable and dealing with the aftermath of a cyberattack will be easier and quicker by identifying the threat sooner. As a direct result of cybersecurity being taken more seriously, public sector organisations will be stronger and more successful in the long run. L


Cognitec is the only company worldwide that has worked exclusively on face recognition technology since its inception in 2002, offering products for facial image database search, recorded video investigation, real-time video screening and people analytics, border control, ISO-compliant photo capturing and facial image quality assessment.


CEIA (Company for Electronic Industrial Automation) was founded in 1962 in Italy when it began production of metal detectors for the textile industry, since then our product line has grown covering many sectors from military and security to pharmaceutical and food. CEIA provide a range of sophisticated technologies designed for the detection of threats.


Frontier Pitts is the British manufacturer of Security Gates, Automatic Barriers, Road blockers, Rising & Static Bollards, Pedestrian Control Gates & Turnstiles. Our Anti-Terra Hostile Vehicle Mitigation (HVM) range has been successfully IWA14 and PAS68 impact tested. Our Platinum Gate and Turnstile range is Intruder Resistant to LPS1175 Security Ratings.




ADVERTISERS INDEX The publishers accept no responsibility for errors or omissions in this free service ATG Access


Bailey Street Furniture Group





18, 43

Cognitec Systems GmbH

30, 43



Frontier Pitts

8, 43

Inspectahire Instruments Company


International Border Management and Technologies Association


Philips Monitors MMD Monitors & Displays (Netherlands) B.V





16, 20

The Emergency Services Show/The Emergency Tech Show

BC, 34

UK Cyber Week


Urbis Schreder






In association with:







Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.